OpenSSL remote denial of service vulnerabilities as described in
CAN-2004-0081 and CAN-2003-0851 (cf. Red Hat alert RHSA-2004:119-01
for details) affect openssl packages as provided by Red Hat 7.x and
8.0 distributions.
At least for RH 7.3 packages binaries recompiled from these "enterprise"
sources fit and are patched.
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-36.src.rpmftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-24.src.rpmftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-25.7.src.rpm
Actually patches are really the same across various versions of openssl.
I am running right now few RH7.3 installations with binaries recompiled
from the sources above. If they do not work then you cannot read that. :-)
------- Additional Comments From jkeating@j2solutions.net 2004-03-18 18:34:56 ----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've built 7.x and 8.0 rpms of openssl, using the patches found
inside the RHEL2.1 errata packages. Please QA them.
http://geek.j2solutions.net/rpms/legacy/openssl/
cf6cd7a8637d0707e4d4b8b8562e161a5840b80a 7.x/openssl-0.9.6b-36.7.legacy.i386.rpm
b099e1baa30422076be51970c16e582a5a454973 7.x/openssl-0.9.6b-36.7.legacy.i686.rpm
b734c6290fee8fbd24a345945d0d78f3915baac2
7.x/openssl-devel-0.9.6b-36.7.legacy.i386.rpm
55525c0017d5f7d4809056a325471d967b064e8d
7.x/openssl-perl-0.9.6b-36.7.legacy.i386.rpm
e90e044eea5a40bb478e141184e63d1856c49551
7.x/openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
c88d372d048aac024d13a1c04fe6e558e3058d57
7.x/openssl095a-0.9.5a-24.7.3.legacy.src.rpm
ede50288945876f4292aa9d9e261e4b407409f40 7.x/openssl096-0.9.6-25.7.legacy.i386.rpm
7caa11572cd927e9dfb430802b161bdc202a4549 7.x/openssl096-0.9.6-25.7.legacy.src.rpm
ac4b90e37ca4bd6be15f834184437de443023ca0 7.x/sha1sums
0775bf129233ddb8e1914723b6e2d07abee62486 8.0/openssl-0.9.6b-36.8.legacy.i386.rpm
2602438132f4050d372c125fa509ca299d40d248 8.0/openssl-0.9.6b-36.8.legacy.i686.rpm
f6a98ecf439a09b001ffef0ef418ba3241944ef4 8.0/openssl-0.9.6b-36.8.legacy.src.rpm
ac84eee038ed85559ebf546673adf7c42c3a7c80
8.0/openssl-devel-0.9.6b-36.8.legacy.i386.rpm
79d8707abfd99c986084cfd27a6bd36c9f9cbed4
8.0/openssl-perl-0.9.6b-36.8.legacy.i386.rpm
f1a4c30a821906257cd366da1d4722c0aa3a1bd1
8.0/openssl095a-0.9.5a-24.8.legacy.i386.rpm
ce72bc9efb616b3edbcd57ae563a5a5bed1fd23b 8.0/openssl095a-0.9.5a-24.8.legacy.src.rpm
5f8a85519016d6fb5619ca48cd81d0ec33eea28d 8.0/openssl096-0.9.6-24.8.legacy.i386.rpm
18edf79f6020e5cb8061660d1793254a40d4cdd2 8.0/openssl096-0.9.6-24.8.legacy.src.rpm
d5eb15512e4d0a0f6488835b9096bf23a43989df 8.0/sha1sums
[jkeating@bean openssl]$ for dir in *; do sha1sum ${dir}/*; echo; done
cf6cd7a8637d0707e4d4b8b8562e161a5840b80a 7.x/openssl-0.9.6b-36.7.legacy.i386.rpm
b099e1baa30422076be51970c16e582a5a454973 7.x/openssl-0.9.6b-36.7.legacy.i686.rpm
b734c6290fee8fbd24a345945d0d78f3915baac2
7.x/openssl-devel-0.9.6b-36.7.legacy.i386.rpm
55525c0017d5f7d4809056a325471d967b064e8d
7.x/openssl-perl-0.9.6b-36.7.legacy.i386.rpm
e90e044eea5a40bb478e141184e63d1856c49551
7.x/openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
c88d372d048aac024d13a1c04fe6e558e3058d57
7.x/openssl095a-0.9.5a-24.7.3.legacy.src.rpm
ede50288945876f4292aa9d9e261e4b407409f40 7.x/openssl096-0.9.6-25.7.legacy.i386.rpm
7caa11572cd927e9dfb430802b161bdc202a4549 7.x/openssl096-0.9.6-25.7.legacy.src.rpm
ac4b90e37ca4bd6be15f834184437de443023ca0 7.x/sha1sums
0775bf129233ddb8e1914723b6e2d07abee62486 8.0/openssl-0.9.6b-36.8.legacy.i386.rpm
2602438132f4050d372c125fa509ca299d40d248 8.0/openssl-0.9.6b-36.8.legacy.i686.rpm
f6a98ecf439a09b001ffef0ef418ba3241944ef4 8.0/openssl-0.9.6b-36.8.legacy.src.rpm
ac84eee038ed85559ebf546673adf7c42c3a7c80
8.0/openssl-devel-0.9.6b-36.8.legacy.i386.rpm
79d8707abfd99c986084cfd27a6bd36c9f9cbed4
8.0/openssl-perl-0.9.6b-36.8.legacy.i386.rpm
f1a4c30a821906257cd366da1d4722c0aa3a1bd1
8.0/openssl095a-0.9.5a-24.8.legacy.i386.rpm
ce72bc9efb616b3edbcd57ae563a5a5bed1fd23b 8.0/openssl095a-0.9.5a-24.8.legacy.src.rpm
5f8a85519016d6fb5619ca48cd81d0ec33eea28d 8.0/openssl096-0.9.6-24.8.legacy.i386.rpm
18edf79f6020e5cb8061660d1793254a40d4cdd2 8.0/openssl096-0.9.6-24.8.legacy.src.rpm
d5eb15512e4d0a0f6488835b9096bf23a43989df 8.0/sha1sums
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAWnf44v2HLvE71NURAhvYAJ46xXLWc6OEjiGxZ8EH2zfUPxHkZgCeJxdQ
0BEragHy3KcqFsc8YNizoT4=
=pwQ+
-----END PGP SIGNATURE-----
------- Additional Comments From jkeating@j2solutions.net 2004-03-18 18:38:01 ----
Hrm, that got thwacked. Here is just a URL list:
7.x
http://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl-0.9.6b-36.7.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl-0.9.6b-36.7.legacy.i686.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl-devel-0.9.6b-36.7.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl-perl-0.9.6b-36.7.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl095a-0.9.5a-24.7.3.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl095a-0.9.5a-24.7.3.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl096-0.9.6-25.7.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl096-0.9.6-25.7.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/sha1sums
8.0
http://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl-0.9.6b-36.8.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl-0.9.6b-36.8.legacy.i686.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl-0.9.6b-36.8.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl-devel-0.9.6b-36.8.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl-perl-0.9.6b-36.8.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl095a-0.9.5a-24.8.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl095a-0.9.5a-24.8.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl096-0.9.6-24.8.legacy.i386.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/openssl096-0.9.6-24.8.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/8.0/sha1sums
------- Additional Comments From bugs.michael@gmx.net 2004-03-18 20:12:34 ----
missing: openssl-0.9.6b-36.7.legacy.src.rpm
------- Additional Comments From jkeating@j2solutions.net 2004-03-18 20:52:31 ----
Oops! Didn't get uploaded. It's there now. sha1sums was updated as well to
reflect the new file.
d2524c3b0eef250345dbf2daa902a1286a305ac5 7.x/openssl-0.9.6b-36.7.legacy.src.rpm
3356afbda872e2a4a87600b2e77fc62ff19a59ba 7.x/sha1sums
http://geek.j2solutions.net/rpms/legacy/openssl/7.x/openssl-0.9.6b-36.7.legacy.src.rpmhttp://geek.j2solutions.net/rpms/legacy/openssl/7.x/sha1sums
------- Additional Comments From bugs.michael@gmx.net 2004-03-19 04:02:59 ----
rh73, interesting...
binary rpm listing diffs : this shows how close the builds are to the previous
rh73 errata packages. In two of the openssl packages, the "spinfix" and
"recursion" patches don't even cause the built libraries to differ in size, and
only the patched certificates show up.
[...]
openssl-0.9.6b-35.7.i386.rpm -> openssl096-0.9.6-25.7.legacy.i386.rpm
--- old 2004-03-19 14:43:58.000000000 +0100
+++ new 2004-03-19 14:43:39.000000000 +0100
@@ -52,7 +52,7 @@
lrwxrwxrwx root root 19 /usr/share/ssl/cert.pem
drwxr-xr-x root root 0 /usr/share/ssl/certs
-rw-r--r-- root root 1832 /usr/share/ssl/certs/Makefile
--rw-r--r-- root root 253688 /usr/share/ssl/certs/ca-bundle.crt
+-rw-r--r-- root root 249373 /usr/share/ssl/certs/ca-bundle.crt
-rw-r--r-- root root 610 /usr/share/ssl/certs/make-dummy-cert
drwxr-xr-x root root 0 /usr/share/ssl/lib
drwxr-xr-x root root 0 /usr/share/ssl/misc
[...]
openssl096-0.9.6-23.7.i386.rpm -> openssl096-0.9.6-25.7.legacy.i386.rpm
--- old 2004-03-19 14:44:00.000000000 +0100
+++ new 2004-03-19 14:43:48.000000000 +0100
@@ -1,4 +1,4 @@
--rwxr-xr-x root root 882913 /usr/lib/libcrypto.so.0.9.6
+-rwxr-xr-x root root 882945 /usr/lib/libcrypto.so.0.9.6
-rwxr-xr-x root root 206309 /usr/lib/libssl.so.0.9.6
drwxr-xr-x root root 0 /usr/share/doc/openssl096-0.9.6
-rw-r--r-- root root 154209 /usr/share/doc/openssl096-0.9.6/CHANGES
[...]
openssl095a-0.9.5a-23.7.3.i386.rpm -> openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
-empty-
------- Additional Comments From jkeating@j2solutions.net 2004-03-19 05:49:05 ----
Well they both are extremely small patches... but this is why file size
shouldn't be used to determine differences. (well, not accurately)
------- Additional Comments From michal@harddata.com 2004-03-19 09:30:16 ----
Where I can test it (i.e. RH7.3 installations) I do not see any problems
either with binaries from Jesse or what I recompiled earlier myself.
Yes, openssl-0.9.6b-36.src.rpm has an updated ca-bundle.crt. These things
change over time.
This likely should go quickly into updates.
------- Additional Comments From heinlein@cse.ogi.edu 2004-03-19 10:36:50 ----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I've installed the updates on a handful of Red Hat 8.0 boxes, including
one that does a fairly substantial amount of https work. So far, all is
well.
- -- Paul Heinlein <heinlein@cse.ogi.edu>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAW1miHjacYo9UyjURApqfAKCvz03Lf/Z2ZjrU2sI6MO/gNW/TFwCfVbzk
wCsCt0EaZYwicEWUvP/lvLc=
=Ifg+
-----END PGP SIGNATURE-----
------- Additional Comments From strobert@strobe.net 2004-03-20 22:23:53 ----
installed the openssl and openssl-devel packages for rh7.3 on a few test
systems. Did some basic tests (ssh,scp) and working fine here.
------- Additional Comments From bugs.michael@gmx.net 2004-03-21 20:17:11 ----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
c88d372d048aac024d13a1c04fe6e558e3058d57 (manually wrapped for bugzilla)
openssl095a-0.9.5a-24.7.3.legacy.src.rpm
7caa11572cd927e9dfb430802b161bdc202a4549 openssl096-0.9.6-25.7.legacy.src.rpm
d2524c3b0eef250345dbf2daa902a1286a305ac5 openssl-0.9.6b-36.7.legacy.src.rpm
* the src.rpm diffs against previous rh73 errata are good
* included patches match those from the RHEL errata
* binary builds look good (despite incomplete buildreq tags)
and work for me (rh73)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAXoTQ0iMVcrivHFQRAnL4AJ4mqlE1noFe4TEzMfGe7uD3IvbAsQCdGWNs
Rmz6+VoH/4eRBz0Rh0RbsT4=
=cAZu
-----END PGP SIGNATURE-----
------- Additional Comments From fedora-bugzilla@hrunting.org 2004-03-22 05:05:20 ----
I tested these packages on RH7.2 and RH7.3 systems and they work fine. How come
it takes so long to push this into the download tree? I would expect that
something this serious would at least be in updates-testing the same day. This
is a VERY simple patch.
------- Additional Comments From jkeating@j2solutions.net 2004-03-22 06:37:51 ----
Yes it is simple. However the requirements to get this into testing are not
having it work in current systems, but examining the changes from the old
package to the new package, as well as the patches, to make sure that I didn't
introduce anything nasty. Seems people were only interested in showing if the
package worked or not. Michael Schwendt has done the appropriate checking for
RHL 7.3, so I'll just have to trust that the rest of the packages are fine by
proxy. Given that I made the packages, I have a higher degree of trust, but I
am hesitant to streamline something I built due to appearance of favoritism or
something like that. Things I build and provide should have to go through the
same QA processes as something from anybody else.
That said, I am in the process of building these for updates-testing. Should
have them out there today, depending on my work load at work.
------- Additional Comments From christof@damian.net 2004-03-22 23:01:24 ----
I just tried to rebuild this package:
http://download.fedoralegacy.org/redhat/7.2/updates-testing/SRPMS/openssl096-0.9.6-25.7.legacy.src.rpm
but it produced:
SRPMS/openssl095a-0.9.5a-23.7.3.src.rpm
i386/openssl095a-0.9.5a-23.7.3.i386.rpm
------- Additional Comments From christof@damian.net 2004-03-22 23:13:02 ----
Please ignore the last comment, my mistake.
------- Additional Comments From strobert@strobe.net 2004-03-23 22:20:26 ----
Okay, I follow your comment (#12). These were already verified on rh7.3, but
did additional verification for rh7.3 (sorry only build environments I have are
for rh6.2 and rh7.3 -- we run those two plus as2.1 and es2.1).
Confirmed only files in the SRPM that changed from the final RedHat errata
(35.7) and the one here (36.7.legacy, d2524c3b0eef250345dbf2daa902a1286a305ac5
sda1sum) were:
- ./ca-bundle.crt:
- removal of expired 'CyberTrust Japan, Inc' cert
- removal of trustcenter.de class 0 cert
- addition of usertrust.com cert
- ./openssl.spec: changelog, the release, and the additional two patches
- these two additions:
./openssl-0.9.6b-recursion.patch
./openssl-0.9.6c-spinfix.patch
these are the same changed files between the 35.7 and 36 SRPMS's for as2.1. And
outside of minor diffs in the spec file (different changelog entires for this
fix and different release numbers), the contents of the SRPM provided
(36.7.legacy) and AS2.1's build 36 are identical.
Did rpmbuild --rebuild of the SRPM on our official rh7.x arch rpm build machine
and it built the appropriate rpms.
So looks kosher from my viewpoint.
------- Additional Comments From jpdalbec@ysu.edu 2004-03-25 09:19:43 ----
updates-testing does not seem to have an i686-optimized version of the new
openssl package. Do you plan to fix this?
------- Additional Comments From jkeating@j2solutions.net 2004-03-25 09:32:16 ----
RHL 7.3 and 8.0 has i686 packages for openssl-0.9.6b. These were the only
packages that were i686 built by Red Hat for previous versions of openssl, and
thus they are the only ones Fedora Legacy will provide for openssl.
------- Additional Comments From strobert@strobe.net 2004-03-25 10:41:01 ----
from my rh7.3 tree:
/install/rh73/approved/general/openssl-0.9.6b-35.7.i386.rpm
/install/rh73/approved/general/openssl-0.9.6b-35.7.i686.rpm
/install/rh73/approved/general/openssl-devel-0.9.6b-35.7.i386.rpm
/install/rh73/approved/general/openssl-perl-0.9.6b-35.7.i386.rpm
/install/rh73/approved/general/openssl095a-0.9.5a-23.7.3.i386.rpm
/install/rh73/approved/general/openssl096-0.9.6-23.7.i386.rpm
so yup, only i686 package is openssl-0.9.6b-35.7.i686.rpm. looked in
updates-testing, and it has the same package set.
I am still new on fedora legacy, so is there anything I can do to help in the
process to move it to the next phase please let me know. I am planning on
pulling down the updates-testing rpm's and installing them on test machiens and
doing basic tests, but didn't know if there were specific things I could be doing.
------- Additional Comments From jpdalbec@ysu.edu 2004-03-26 05:17:24 ----
My mistake, I see you have those packages and the appropriate header files.
I guess I'm hitting a yum bug, which i've reported as bug #1425.
------- Additional Comments From Milan.Slanar@fs.cvut.cz 2004-03-28 23:03:24 ----
on comment #17: RHL 7.2 have no i686 package of openssl, but all official Red Hat
updates of openssl for RHL 7.2 have i686 package. So i686 package should be
provided for RHL 7.2.
------- Additional Comments From jpdalbec@ysu.edu 2004-03-29 08:33:51 ----
Created an attachment (id=611)
differences in summary files for openssl packages
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
++VERIFY RH 7.3
014a4d8fec25dde48ee8f8c14cc5250afc687542 openssl-0.9.6b-36.7.legacy.i386.rpm
c4403aff66cc3891418f2f4a5fc9632ed87c6f79 openssl-0.9.6b-36.7.legacy.i686.rpm
8b3fca54a08ae67a3ee5c5b6dfc0a166a31d9a1c \
openssl-devel-0.9.6b-36.7.legacy.i386.rpm
bfb7a080b0afe36bba4de6431d68110cd30636aa \
openssl-perl-0.9.6b-36.7.legacy.i386.rpm
fff610245bcd73fce6b78c0e7f4155cf0c627762 \
openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
f678d1b885a8236301afb4f92da2d451599643ce openssl096-0.9.6-25.7.legacy.i386.rpm
* SSH works OK
* no ldd differences
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAaGuVJL4A+ldA7asRAnkbAKCSgJYSs6Dt8KXSDW+U+KoAEV0egwCgpPNw
3+BzHRiGClFdUKDRwBepAzE=
=Q2Mv
-----END PGP SIGNATURE-----
------- Additional Comments From jpdalbec@ysu.edu 2004-03-29 08:37:04 ----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
++VERIFY RH 7.3
014a4d8fec25dde48ee8f8c14cc5250afc687542 openssl-0.9.6b-36.7.legacy.i386.rpm
c4403aff66cc3891418f2f4a5fc9632ed87c6f79 openssl-0.9.6b-36.7.legacy.i686.rpm
8b3fca54a08ae67a3ee5c5b6dfc0a166a31d9a1c \
openssl-devel-0.9.6b-36.7.legacy.i386.rpm
bfb7a080b0afe36bba4de6431d68110cd30636aa \
openssl-perl-0.9.6b-36.7.legacy.i386.rpm
fff610245bcd73fce6b78c0e7f4155cf0c627762 \
openssl095a-0.9.5a-24.7.3.legacy.i386.rpm
f678d1b885a8236301afb4f92da2d451599643ce openssl096-0.9.6-25.7.legacy.i386.rpm
* SSH works OK
* no ldd differences
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAaGuVJL4A+ldA7asRAnkbAKCSgJYSs6Dt8KXSDW+U+KoAEV0egwCgpPNw
3+BzHRiGClFdUKDRwBepAzE=
=Q2Mv
-----END PGP SIGNATURE-----
------- Additional Comments From jkeating@j2solutions.net 2004-03-29 11:58:34 ----
My bad, I thought I looked and didn't find any i686 version of openssl. The
7.3 packages ARE the 7.2 packages, so when I release it fully, there will be
7.2 i686 packages. For now if you want to verify the 7.3 i686 packages on 7.2,
that would be cool. I'm out of town until Wed, I'll try to push them out to
updates then.
------- Additional Comments From rostetter@mail.utexas.edu 2004-04-05 10:58:05 ----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I downloaded and installed the RH 8.0 updates-testing rpms for
openssl (i686), openssl-devel, libtool, and libtool-libs.
I've not tested the libtool stuff heavily, but in limited testing
I've seen no problems.
The openssl stuff is taking a beating (https, pop3/ssl, imap/ssl,
ssh, etc on a very busy system) and is holding up fine with no
problems seen.
My vote is to publish these packages RH 8.0 asap.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAccgm4jZRbknHoPIRAkChAJ9jcJKF6ai3jASh4OtbtGjsTlmVZwCeIDyE
tqvl9To3p9mWuZCTmhQrEmg=
=+jKC
-----END PGP SIGNATURE-----
------- Additional Comments From jkeating@j2solutions.net 2004-05-08 06:41:58 ----
Pushed to Updates.
------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:24 -------
This bug previously known as bug 1395 at https://bugzilla.fedora.us/https://bugzilla.fedora.us/show_bug.cgi?id=1395
Originally filed under the Fedora Legacy product and General component.
Attachments:
differences in summary files for openssl packages
https://bugzilla.fedora.us/attachment.cgi?action=view&id=611
Unknown priority P1. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity critical. Setting to default severity "normal".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.

Note

You need to
log in
before you can comment on or make changes to this bug.